On 08-Feb-20 03:58, Toerless Eckert wrote:
<snip>
> Sure, and i am going to run a hacked ACP node thats announcing in GRASP
> to be the "best-ever" node to provide that service ;-) How to you
> prohibit me to happen ? -> Anser: i dont have a fitting certificate, or
> there is some ACP crowd intelligence that says i am untrustworthy.
I don't see how you can get away from asymmetric crypto to do that. An ASA
comes up and says 'I support "DANGER"', which is a GRASP objective for doing
something very dangerous. Take a concrete example: 'I support "PrefixManager"',
which is defined in draft-ietf-anima-prefix-management and will be in an
RFC one day soon. So this ASA needs to be trusted to allocate or assign
IP address space.
How can we check this is OK? As far as I can see, only if we have previously
decided to trust any PrefixManager ASA that can prove possession of a given
private key, or more precisely one of a given set of private keys.
In practical reality, I'm sure operators will want to install identical
binaries of a given ASA on multiple autonomic nodes. So the private key
will be scattered around the autonomic domain. My guess is that a lot of
operators would not see this as any better than just trusting the nodes,
not the individual ASAs.
Brian
_______________________________________________
Anima mailing list
Anima@ietf.org
https://www.ietf.org/mailman/listinfo/anima
